CVE-2024-41184

2024-07-1801:15:15

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-41184

integer overflow

vrrp_ipsets_handler

keepalived

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

JSON

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.

OSVersionArchitecturePackageVersionFilename
Debian12allkeepalived<= 1:2.2.7-1keepalived_1:2.2.7-1_all.deb
Debian11allkeepalived<= 1:2.1.5-0.2+deb11u1keepalived_1:2.1.5-0.2+deb11u1_all.deb
Debian999allkeepalived<= 1:2.3.1-1keepalived_1:2.3.1-1_all.deb
Debian13allkeepalived<= 1:2.3.1-1keepalived_1:2.3.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	keepalived	<= 1:2.2.7-1	keepalived_1:2.2.7-1_all.deb
Debian	11	all	keepalived	<= 1:2.1.5-0.2+deb11u1	keepalived_1:2.1.5-0.2+deb11u1_all.deb
Debian	999	all	keepalived	<= 1:2.3.1-1	keepalived_1:2.3.1-1_all.deb
Debian	13	all	keepalived	<= 1:2.3.1-1	keepalived_1:2.3.1-1_all.deb